Protecting Your Email Account

More email accounts are hijacked than any other type of online account.

And when an attacker gains access to your email, he or she is in a good position to reset passwords to other important accounts, like your bank, social networking, brokerage, etc. After all, where do password-reset links go? To your email address that just got hacked!

Once inside your email account, the attacker is also in a good position to scam everyone on your contact list in your name!

Protect yourself now before it happens!

In this article, we'll discuss some things that reduce the odds of your email being hijacked.


For business people, an email hijacking can be ruinously expensive, exposing the owner to limitless liability as their clients' sensitive data (emails and attachments) are exposed to an attacker. And it's professionally embarrassing as well, demonstrating to all a lack of security or concern. How does this happen?

Using the same password on multiple sites makes it easier for an attacker. If a password database is stolen, as all the recent news coverage attests, the attacker has only to try your email address and password on other popular sites.  If it's the same, they're in like Flynn.  Never use the same password! CLICK HERE to read my article on good password hygiene.

Being tricked into revealing your password. Nobody thinks they're "gullible enough" to fall for this. But it happens all the time. Attackers have many tools for stealing passwords. Two examples are completely realistic but fake login pages, and social engineering, which involves being duped by a caller masquerading as a support technician from a major online company, like Microsoft or Norton. This happens a lot. Never log into a site by clicking a link in an email that you received. If you receive an email saying that your bank account needs attention, for example, then open a separate browser window and log in that way. Never from the email itself.

Malware on your computer that is recording your keystrokes. This is less common but happens regardless. Ensure you have security software on your computer.

Two Factor Authentication to the Rescue

Two-factor authentication, or 2FA, is a technology that dramatically reduces the likelihood of an attacker hijacking your online accounts.

2FA works like an additional, second password in the form of a random six-digit number displayed on an app on your phone or sent as a text message. So even if an attacker has your password, they are unable to access a 2FA-protected account because they do not have your phone -- and, hence, no six-digit code.

This is a huge benefit. When the attacker tries to log in as you and sees the request for the code number it's game over and they'll move on to the next victim.

Gmail, the most-excellent email system, offers this feature, only they call it "2-step verification". For your purposes it's the same thing. See sample screens in this article.

Many web sites offer 2FA but many more do not; however, the numbers are steadily increasing. Facebook offers 2FA and I recommend turning it on.

[Image: example of Gmail login screen]
[Image: sample of two-factor authorization screen]

CLICK HERE to see a listing of many popular web sites and online services to see if they offer two-factor authentication on their systems. If your favorite site lacks 2FA then complain to them.

Every online service has its own procedure for implementing 2FA so it's outside the scope of this article to explain the precise setup steps. It's important that you set it up properly and use all of the available emergency access features lest you lock yourself out of your accounts. 2FA is very important but it must be set up correctly!

I can assist with that, if necessary, to make sure your accounts are hardened yet still have emergency access (e.g. you lose your phone).